The WikiLeaks Spinoff That Wasn’t: An Exclusive Excerpt From This Machine Kills Secrets

An excerpt from the new book

This Machine Kills Secrets

Andy Greenberg

The following is an exclusive excerpt from This Machine Kills Secrets, a new book from Forbes Magazine reporter Andy Greenberg that charts the history and future of anonymous information leaks. Here the author travels to the Chaos Communication Camp on the outskirts of Berlin to witness the launch of the WikiLeaks spinoff group OpenLeaks-an event that would spiral into WikiLeaks’ greatest crisis yet.

The fifty-year-old Soviet biplane lurches, banks hard to the left, and nearly pitches me and the nine hackers aboard into the port-side windows. I resist the urge to vomit as my stomach floats into my chest.

The fluffy-bearded young man sitting behind me doesn’t, and pukes generously into a paper bag.

A few thousand feet below the fuselage of steel in which we’re riding is a German landscape covered with trees, rivers, windmills, and suddenly a field populated with a patchwork of multicolored tents and strips of pavement. Our pilot, a tall Berliner with a sadistic smile, pushes the Antonov An-2 into an alarmingly steep descent, testing my nervous system’s accelerometers again. And then, with unexpected grace, the landing wheels connect with the tarmac and we glide to a stop.

As the plane’s Shvetsov engine sputters to a halt and passengers tumble out dazedly, two men approach, one with long purple hair and the other with a brown military hat, a thick black beard, and a suit and tie. They welcome us to the Chaos Communication Camp.

The CCC, or simply Camp, as it’s called by the transnational hackers who regularly attend, occurs every fourth summer at an airfield in Finowfurt, a tiny town in former East Germany an hour outside of Berlin. For five days, a distinct hacker-hippy culture takes shape in a village of tents, veined with power cords and Ethernet and permeated with Wi-Fi. The three thousand or so hackers hold research presentations in underground hangars on code-breaking, government surveillance, and insanely ambitious DIY projects. (One talk at the latest Camp set a new goal for the CCC: Put a hacker on the moon by 2034.) At night, they build elaborate light-shows and sculptures around the remains of the Soviet aircraft and tanks that litter the terrain. The result is something like a colder, wetter Burning Man for the radical geek elite.

I spend my first two hours at the Chaos Communication Camp wandering in the dusk around the surreal ruins: past a statue of Lenin with headphones and turntables added to convert him into a socialist DJ, a rust- ing fighter jet with elaborate rainbow-knitted caps for its pointed engines and nose. Hackers have bivouacked in the shelter of defunct missiles and helicopter engines, like survivors of the apocalypse who have rebuilt a simpler digital society amid the remains of the military-industrial complex.

It’s only after nightfall that I find Daniel Domscheit-Berg standing in the dark at the edge of the airfield, wearing a long reflective yellow coat, his face looking rather forlorn as it’s lit by another hacker’s headlamp. I call out his name and he turns and greets me with a wide-eyed smile and a handshake. The thirty-three-year-old engineer is Assange’s darkened doppelganger, nearly as tall and slim but with dark short hair, dark-rimmed glasses, dark beard. I ask him how it’s going. “Everything’s going wrong,” he says, without dimming his innocent, slightly gap-toothed smile. “We’re a full two days behind.”

By “we,” Domscheit-Berg means OpenLeaks, his nascent spin-off from WikiLeaks. Birgitta Jonsdottir, who flew in to support the group, is sick in a hotel, he tells me. Her young son tripped on a tent stake, twisted his ankle, and is in the hospital. And ninety-mile-per-hour winds have been pummeling the two-room army tent OpenLeaks has set up as a head- quarters, strong enough that the hackers have spent most of the last forty- eight hours trying to prevent it from collapsing. “This afternoon we were helping to set up the marquee tent,” he says in a plaintive German accent, pointing to a dome fifty yards away. “Then the storm hit, and ten minutes later it ended up looking like some kind of modern art installation.”

Domscheit-Berg invites me into the tent, an orangish structure with what looks like a small Tibetan shrine in one corner, an antinuclear poster, couches, and cases piled on cases of Club-Mate, the sugary, highly caffeinated tea favored by nocturnal German hackers. He hands me a bottle, sits down on the couch, picks up his laptop, and then, without apology, gets back to work.

For Domscheit-Berg, after all, tomorrow is a big day: For the first time, he plans to open OpenLeaks’ leak submission platform to the world.

With this launch, Domscheit-Berg and the other young men milling around the OpenLeaks tent and buried in computer screens don’t merely expect that their newly coded system will be attacked. They’re asking for it. “We will open the system for ninety-six hours to a penetration test,” Domscheit-Berg wrote to me by instant message a month before the Camp. “We want people to break it.”

OpenLeaks, in other words, aims to harden its code in the fire of three thousand hackers simultaneously probing it for vulnerabilities and leaks. “If it still works, and is not compromised, I think we are in a good position to go live,” he wrote.

Going live has been a long time coming. Domscheit-Berg left WikiLeaks in an epically messy divorce in September 2010. He announced Open- Leaks three months later. He planned to launch his first test with the site’s media partners, four small European newspapers and the nonprofit Food- watch, in January 2011. Then April. Now it’s August, and OpenLeaks has yet to even launch its submissions website, fueling the frustration of its supporters and the schadenfreude of Domscheit-Berg’s former colleagues at WikiLeaks.

“It’s not just putting up a website,” Domscheit-Berg counters patiently when I interrupt his typing to ask about this long delay. “We’re working on an end-to-end environment that takes into regard the whole process. What kind of material you get. What the requirements are to access that material to make sure there’s no security breach. How to allow lots of people to work on the material and redact it. How to encrypt it so that only the partners can decrypt it and we can’t. Adding checks in the system so that if there’s a maintenance window nothing is exposed. We’re working on a seriously engineered solution.”

The long-gestating system is designed to allow the same anonymous whistleblowing as WikiLeaks, but unlike the parent project where Domscheit- Berg spent three years of his life, OpenLeaks isn’t designed to actually make anything public. Instead, it aims to securely pass on leaked content to partnered media organizations and nonprofits, avoiding the dicey role of publisher that got WikiLeaks into so much trouble. It will focus, Domscheit- Berg says, on the most technically tricky and crucial link in the leaking chain: untraceable anonymous uploads.

Domscheit-Berg believes he has all the ingredients to build a new WikiLeaks that’s more efficient, more democratically organized, and per- haps most important, more legal. He wants to incorporate as a nonprofit, a steadfast, permanent institution that can strike blows for information freedom against the world’s governments and corporations without needing to hide from anyone.

But there’s another difference from WikiLeaks: Domscheit-Berg believes that merely replicating the previous project’s security isn’t good enough. Not only because, the former WikiLeaker says, Julian Assange’s brainchild never quite reached his ideal standards for data protection. Nor because, despite his denials, the German is still playing out a dark and bitter game of oneupmanship with Assange himself, who once counted Domscheit-Berg a close friend and now publicly casts him as one of the leaking movement’s greatest villains. (In a newspaper interview a few months earlier, Assange called Domscheit-Berg a “dangerous, malicious conman.”) But also because in the year since WikiLeaks began dropping nuclear data bombs on world superpowers, the stakes have risen considerably.

“WikiLeaks appeared out of nowhere,” says Domscheit-Berg. “It caused a lot of new problems no one had thought about before. Now they’ve thought about this whole thing for a bit. The dust has settled. And it will never be as easy again.” Hence Domscheit-Berg’s plan for the entire Chaos Communication Camp to pile on OpenLeaks’ data conduit in a massive hackfest starting tomorrow. Better to be attacked by friends first than intelligence agency spooks and state-sponsored hackers later.

“There was a Swiss newspaper that wrote something like, first there’s a visionary, and then come the engineers,” Domscheit-Berg says. “That’s what’s happening with us as well. Julian had the vision, paired with the spirit to kick this off. We are the engineers.”

***

In March 2011, while late to a meeting and running down Fifth Avenue in Manhattan, I received a call on my BlackBerry from Sarah Harrison, Julian Assange’s personal assistant.

launched into a critique of my latest blog post, a bit of news about WikiLeaks’ reaction to plans for an upcoming film based on two books, one by two reporters at The Guardian and one by Domscheit-Berg, neither of which portrays Assange in a flattering light. “This is how bullshit ends up being history,” a WikiLeaks staffer had written on Twitter earlier in the day.

On the other end of the phone, Assange is taking issue with how I described Domscheit-Berg in my story, as having “left WikiLeaks in September” 2010 and taking “several” staffers with him. “He did not leave. He was suspended,” Assange says in a scolding tone. “And he did not take several staffers with him. He took one.” (I later spoke face-to-face with several staffers who had left WikiLeaks at the same time as Domscheit-Berg, two of whom had gone on to work for OpenLeaks.)

“What this shows me, Andy,” he continues slowly in the manner of a disappointed school headmaster, “is that you’re not properly checking your facts.”

I can sense the subtext of this one-way conversation: I’ve quoted Domscheit-Berg in recent stories. And Assange knows that I and every other journalist covering WikiLeaks have read Domscheit-Berg’s just- published memoir, which describes Assange as an arrogant tyrant and a selfish, petty nerd, complete with descriptions of him mistreating his Ger- man compatriot’s cat, eating his Ovaltine straight from the package, and possessing the table manners of someone “raised by wolves.”

I point out that checking facts with him is difficult when Domscheit- Berg returns my phone calls, and Assange doesn’t. Then I try to explain that my primary interest in speaking with Domscheit-Berg is not to insert myself into the feud between him and Assange, but rather to learn more about OpenLeaks and what it’s doing to continue the work Assange began.

“As far as I can tell, it’s doing nothing,” Assange says.

“That’s true, I suppose. But I’m interested in the ideas behind it and where they’re going,” I respond lamely.

“Then you should know that every idea in OpenLeaks is my idea,” Assange replies without hesitation. “So I’m glad you like my ideas.”

I’m not quite sure how to respond to this, and we sit on the phone in silence for a moment.

“I have to go now, Andy,” he says. Then he hangs up.

***

If Assange had violated his house arrest in England, flown to Germany, made a surprise appearance at the Chaos Communication Camp, and personally pegged Daniel Domscheit-Berg with a piece of rotten fruit during the announcement of OpenLeaks’ test launch, perhaps the otherwise near-total failure of the day would have been complete.

Domscheit-Berg takes the stage inside one of the Camp’s hangars, and within a few minutes, he’s delivering bad news, admitting to the packed room of hackers that after months of delay, the test site still isn’t yet online. He complains in passive-aggressive terms that the Camp’s staff hadn’t properly set up their server colocation facility.

He goes on to explain all the massive technical challenges OpenLeaks faces: how, for instance, to set up secure anonymous submissions systems on the websites of media outlets that use widgets and tools that make online anonymity nearly impossible? Tracking tools included in newspapers’ Web advertisements collect data on users to better sell them cars and toothpaste. Anonymous leaking sites aren’t meant to collect any data at all. Many of the scripts that run in visitors’ Web browsers when they visit media sites can even be rigged to gain control of the user’s computer. And given that OpenLeaks doesn’t plan to run its submissions system exclusively as a Tor Hidden Service—the group sees them as too complex for many users to access—Domscheit-Berg explains that they need to come up with anonymity protections that don’t rely solely on popular anonymity tools like Tor.

After listing this litany of problems, Domscheit-Berg neglects to explain how OpenLeaks will solve any of them.

Instead, he jumps right into his call for the Camp’s hackers to pile onto the test site as soon as it comes online—he assures the crowd it will be up shortly—and examine it for security flaws. “All of you are so important in determining what the future looks like—the technical side of the future— and what the influence will be on the freedoms in society,” he says in a short pep talk. “This goes to the heart of society. If we don’t come up with solutions, who else will?”

But when Domscheit-Berg’s idealistic speech ends and the floor opens for questions, the crowd’s skepticism comes pouring out. The first darkly worded statement is made by a member of the audience that Domscheit-Berg considers a longtime friend: Jacob Appelbaum.

“I think it would be really fantastic if everything you do is free software, and I want to advocate that you make sure everything you do is free soft- ware,” Appelbaum says. To the hackers present, the suggestion carries two shades of meaning: First, free software can be freely used by other organizations with similar aims. But free—as in “open source”—software can also be thoroughly checked for security bugs, both ones included by mis- take and others planted for covert spying.

The young activist follows his comment with a question about Open- Leaks’ purported association with the Germany Privacy Foundation. “I don’t know if it’s true, but I’ve heard those guys are just a front for the defense intelligence agencies of Germany,” he says. “My question is, if you have a foundation, how do you avoid being infiltrated by all the bad motherfuckers that want to infiltrate your organization? And how would you take a rumor like that one, that the Privacy Foundation are related to the spooks, and vet it? And if you found out they were spooks, would you stop working with them or not?” A round of tentative applause follows.

“I’m a German, I know this problem,” Domscheit-Berg responds with a thin smile. “I know all these rumors, and the problem is that you don’t know what to make of that . . . I’ve been reading about myself that I might be paid by the FBI, which is not the case.”

“It was you!” someone shouts from the back of the room, to some sparse laughs. Domscheit-Berg smiles and jokingly puts one finger over his lips.

“We shouldn’t be scared just by all these rumors,” Domscheit-Berg continues, unflustered. “Because that won’t enable us to do anything.”

Then Birgitta Jonsdottir, who has been sitting quietly near the front of the room, pipes up. “Paranoia will kill us,” she says loudly and matter-of-factly. “Yes, I agree with Birgitta,” echoes Domscheit-Berg, sounding tired.

“Paranoia will kill us.”

The jabs continue, many picking up on Appelbaum’s open-source critique. “What could possibly justify that every bit of software produced so far is not released as free-speech software?” fumes one young hacker.

“It is free software, it’s just not open source right now,” Domscheit-Berg responds, arguing that making code open source requires constant time- consuming bug fixes that OpenLeaks can’t yet afford to make. “This is due to the overhead—”

“Where’s the code? Where’s the code?” the critic interjects with con- trolled anger. Another member of the audience asks that OpenLeaks sim- ply publish the SSH password to its servers so that anyone can get into the computers remotely and see exactly what they’re doing.

Domscheit-Berg shakes his head. “You can’t run this like a zoo where everyone can go and watch,” he says.

Near the end of the line of questioners stands CCC board member Andy Muller-Maguhn, a pale and wide-bodied German with compact facial features, a tuft of thin hair on his forehead, and clear blue eyes. “I’m trying to find out what’s open about OpenLeaks,” he says evenly. “I had hoped you would use the principle of openness to ensure the integrity and trustworthiness of the project. For now, you haven’t convinced me you’re doing that.”

Domscheit-Berg can only respond by begging for time again, saying that the group will “probably” open parts of the site’s code to the public. “You’ll have to take my word as much as that’s not optimal,” he says weakly. “That’s all that I can give.”

And then comes the final person in the line of interrogators: John Gilmore, the venerable bearded and ponytailed cofounder of the cypherpunks and the Electronic Frontier Foundation. His mere appearance at a conference east of the Mississippi River is a meaningful event; in 2002, Gilmore filed and lost a lawsuit against the Department of Homeland Security that contested the constitutionality of its practice of asking for his identification before boarding an airplane. Since then, he’s vowed never to board a domestic U.S. flight again, so has had to fly directly from San Francisco to Europe.

“I just want to thank you for trying to do this work,” Gilmore begins with the calm of an elder statesman. “Because if you succeed at it, we get transparency in other parts of the world that have not had it. And if you fail at it, or if people think that you’re lame or whatever, maybe you inspire them to do it better.”

It’s hardly a glowing endorsement. But the crowd applauds more than it has for any other comment.

Over the next hours it becomes clear that OpenLeaks’ immediate problem isn’t a debate over open or closed source software, or even a whisper campaign about its supposed cooperation with intelligence agencies. It simply can’t get online.

The test platform for OpenLeaks is meant to be a submissions system for the left-leaning newspaper Die Tageszeitung—Taz for short. But an hour after Domscheit-Berg’s talk, Leaks.taz.de still returns a “Page not found” message. Moving from the camp’s facilities to an outside data center is taking OpenLeaks’ crew longer than they expected. Two hours pass, with no leak site online. Then three. Then twenty-four.

On the second day of camp, I meet with Reiner Metzger, the editor-in-chief of Die Tageszeitung, who has been camping for the first days of the conference in a small tent next to OpenLeaks’ temporary headquarters to oversee the launch of Leaks.taz.de. But now he’s packing up his things to head back to Berlin, with little to celebrate about his paper’s bold step into the future of leaking. In a very restrained, German way, Metzger is extremely pissed off. He opens his laptop to show me a headline on the website of the competing German newspaper Die Zeit: “Leaking Sky Prevents Open- Leaks Launch,” mocking Domscheit-Berg’s excuse that the storm hindered their preparations.

“Here’s why this is a PR disaster,” he explains as he stuffs his belongings into a bag and rolls up his tent. “We made a big splash. The hackers who come here are still mythical for media people. They’re coming here, thrown it into the ring to fight with this server. It’s a story that every news shift staffer can get immediately. It was a story that was running in every meaningful German newspaper, millions of people saw it. And now a high percentage tried to get to the website. And then again. And again. Nothing happened. Tomorrow the whole thing goes poof and vanishes from the media.”

Metzger had hoped to tout that Die Tageszeitung’s OpenLeaks submissions platform had passed the test of three thousand hackers attacking it. He isn’t looking forward to explaining to his staff that a launch in which his paper has invested a significant chunk of reputation and a front-page story simply didn’t happen.

And he worries the damage may be worse than embarrassment.

“Leak sites have to first have a leak,” he says. “But how do you get this leak? For that you need publicity. Now the publicity is there, and the web- site is not. And maybe some of the leakers are turned off. In the short run, it’s a disappointment. But in the long run the issue is the leaks.”

“To leak or not to leak,” he adds with a grim laugh as he packs up his things and prepares to head into the OpenLeaks tent to meet with Domscheit-Berg. “That is the question.”